IAzClientContext::AccessCheck method (azroles.h)
The AccessCheck method determines whether the current client context is allowed to perform the specified operations.
Syntax
HRESULT AccessCheck(
[in] BSTR bstrObjectName,
[in] VARIANT varScopeNames,
[in] VARIANT varOperations,
[in, optional] VARIANT varParameterNames,
[in, optional] VARIANT varParameterValues,
[in, optional] VARIANT varInterfaceNames,
[in, optional] VARIANT varInterfaceFlags,
[in, optional] VARIANT varInterfaces,
[out] VARIANT *pvarResults
);
Parameters
[in] bstrObjectName
The name of the accessed object. This string is used in audits.
[in] varScopeNames
A variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a VT_BSTR that contains the name of a scope that the object specified by the bstrObjectName parameter matches. The array can contain only one element. To use the default application level scope, set the first entry in the array to an empty string ("") or VT_EMPTY, or pass VT_EMPTY in to this parameter.
[in] varOperations
The operations for which access by the client context is checked. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a VT_I2 or VT_I4 that represents the OperationID property of an IAzOperation object in the IAzApplication policy.
[in, optional] varParameterNames
The names of the parameters available to business rules (BizRules) through the AzBizRuleContext::GetParameter method. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a VT_BSTR that contains a parameter name. This array must be sorted alphabetically by the caller; the sort order is as defined by a case-sensitive VarCmp. The order of the varParameterValues array must match the order of this array. The default value is VT_NULL.
[in, optional] varParameterValues
The values of the parameters that are available to business rules (BizRules) through the AzBizRuleContext::GetParameter method. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a value that corresponds to an element in the varParameterNames array. The default value is VT_NULL. The entries in the array can hold any type except VT_UNKNOWN and VT_DISPATCH.
[in, optional] varInterfaceNames
The names by which the interfaces in the varInterfaces array will be known in a BizRule script. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a string variant that contains an interface name. This method calls the IActiveScript::AddNamedItem method for each entry in the array. The default value is VT_NULL.
[in, optional] varInterfaceFlags
Flags that will be passed in the call to IActiveScript::AddNamedItem. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds a VT_I4. The SCRIPTITEM_ISVISIBLE flag is implied; the SCRIPTITEM_ISPERSISTENT flag is ignored. Each entry in the array must match the corresponding element in the varInterfaceNames array. The default value is VT_NULL.
[in, optional] varInterfaces
The IDispatch interfaces that will be made available to the BizRule script. This is a variant that contains either a SAFEARRAY or the JScript Array object. Each element of the array holds an IDispatch interface. Each entry in the array must match the corresponding element in the varInterfaceNames array. The default value is VT_NULL.
[out] pvarResults
A pointer to a VARIANT used to return a SAFEARRAY that contains the results of the access check. Each element of the SAFEARRAY is a VARIANT of type VT_I4. Each entry in the array matches the corresponding element in the varOperations array. If access to an operation is granted to the client context, a value of NO_ERROR is returned in the corresponding element in the pvarResults array. Any other value indicates that access to that operation is not granted. A typical value that indicates failure is ERROR_ACCESS_DENIED.
In JScript, the returned SAFEARRAY must be converted to the JScript Array object.
Return value
If the method succeeds, the method returns NO_ERROR.
If the method fails, it returns an HRESULT value that indicates the status of the method, not the result of the access check. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.
| Return code/value | Description |
|---|---|
|
This error code can be returned if an Active Directory authorization store is used and the administration of the scope has been delegated. The task and role definitions within a delegated scope cannot have BizRules. If a task or role definition within a delegated scope contains a BizRule (this is possible if the store is corrupted), the AccessCheck method will fail. |
|
The BizRule used to evaluate access contains a syntax error. |
Remarks
If the RoleForAccessCheck property is defined in the client context, the AccessCheck method will be performed only on that role.
When this method is called, the application group membership is added to the client context so that it does not need to be recomputed for subsequent access checks on the same client context.
This method cannot be called by a BizRule.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | azroles.h |
| Library | Azroles.lib |
| DLL | Azroles.dll |
| Redistributable | Windows Server 2003 Administration Tools Pack on Windows XP |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for